Related Links

Blockchain alternatives: The case for CRAQ

Blockchain technology continues to gain attention as the foundation of the bitcoin economy. Given the rapid gain in popularity of bitcoin, it’s no wonder that so many industries are jumping on the blockchain bandwagon. Businesses are investigating this exciting technology for all kinds of applications.

However, blockchains may not always offer the best solution to your business problems; sometimes, more traditional technologies are better suited to the job. In this paper, we explore append-only CRAQ (create, read, append, query) databases as an alternative to blockchains and describe when to use each. The term “CRAQ” was coined by Dan Hushon, chief technology officer at DXC Technology.

As the foundation of bitcoin, blockchain technology has become a popular choice for storing and sharing critical data assets. However, before jumping on the blockchain bandwagon, enterprises need to consider blockchain alternatives. This paper evaluates CRAQ (create, read, append, query) databases and blockchains, and offers recommendations for when to use each.

The advent of CRAQ databases

Before there was CRAQ, there was CRUD.

Traditionally, data has been managed using updatable strategies involving CRUD (create, read, update, delete) operations. In this approach, data such as your customer profile, your insurance policy, or your health record is maintained in objects that change over time.

For example, let’s say you change your online customer profile with a new phone number or mailing address. It’s likely that your bank will simply overwrite your old profile record in its database using the “Update CRUD” operation.

The problem is that data retention policies or government regulations may require businesses to retain a history of all your old data to the point that overwriting data becomes inadvisable. Applications may add functionality to address such requirements, but as CRUD databases allow historical records to be modified, these databases cannot be relied on to enforce nonrepudiation and auditing.

The advent of inexpensive storage offers a compelling option: Instead of updating or deleting existing data, applications are allowed only to append to existing data. Changes to customer profiles can be handled by maintaining an ever-growing list of updates in a CRAQ database.

Cheap storage, or how we got here

First, let’s take a look at database evolution — to understand how we got here (Figure 1).

In the past, databases were traditionally centralized. It was great to have a single point of control for integrity, security and sharing of data among many applications. However, centralized databases also presented scalability issues and a single point of failure.

This led to distributed databases, which were more resilient to attack and could scale more easily.

At the same time, the advent of cheap, abundant storage spawned append-only CRAQ databases, in which data could grow virtually forever. We now had the option to append and never delete.

How CRAQ databases work

In CRAQ databases, when information changes, a new record is added that represents the most current information, without changing or affecting the existing record. Time becomes the arbiter of what is most recent and accurate; a simple query is all that is required to see the history of the record over time. Using our earlier example: The bank now has the necessary history to review and audit data all the way back to when the customer opened the account.

How blockchains work

Blockchains are a special type of append-only distributed database, in which data is recorded as entries in a ledger, similar to that used in accounting. Changes to this data (such as transfers between two parties) are recorded as transactions in the ledger. Blockchains never change existing data, but instead add a new transaction and use all the previous entries to form a cryptographic “lock” on the data that is being added. Copies of the ledger are distributed among a group of participants, and all copies are kept up to date using a consensus algorithm.

If this sounds more complicated than CRAQ databases, it is, and it’s intentional. This approach is unique to blockchain technology and makes it virtually impossible to change an entry in a blockchain database, while ensuring visibility and auditability among authorized participants.

Some blockchain platforms, such Ethereum and Hyperledger Fabric, allow execution of programs called smart contracts. Smart contracts can automate processes, such as transferring ownership of an asset from one party to another based on programmable business rules.

CRAQ or blockchains: When to use each

Both CRAQ databases and blockchains provide immutable, append-only data- storage solutions. When should enterprises use one or the other?

CRAQ databases are great for auditability and data retention with a centralized point of administration and control. This is a logical choice in organizations where everyone using the data trusts the central administrator.

Good examples of CRAQ applications among trusted participants are:

Customer profile history on an e-commerce site

Financial transaction history in a bank

Patient records in a hospital system

Chain of custody of evidence in a single law enforcement system

On the other hand, blockchains add to CRAQ databases by distributing the data among multiple administrators and verifying its accuracy using cryptographic controls. Any attempt to modify or add to the data is evident to all parties, and malicious transactions can be automatically discarded. This is great for tamper-resistance. Programmability of data assets allows the creation of applications ranging from digital currency to health records, in which control is shared among all participants.

CRAQ databases are great for auditability and data retention. Blockchains are great for tamper-resistance. Enterprises should carefully consider their short- and long-term business requirements and choose the solution that best meets their needs.

Enterprises should consider deploying blockchains if their business process:

Includes multiple participants not belonging to the same company or organization (competitors, suppliers, departments, etc.)

Requires verifiable authentication of these participants

Is used to exchange physical or digital assets between these participants

Relies on intermediaries, which add inefficiency, costs and delays

Implements a complex chain of events that must guarantee immutability and nonrepudiation

Good examples of blockchain applications among multiple participants with limited mutual trust are:

Supply chain and inventory tracking across company and regional boundaries

RFP processes involving multiple vendors

Insurance claims coordination among counterparties such as consumers, insurers, banks and service providers

Access control and consent tracking for health data among multiple healthcare providers

A note of caution: Blockchains are susceptible to corruption. For example, if a bad actor introduces, through accident or on purpose, Personal Identifiable Information (PII), it could break the rules that govern data storage for some countries and governments. Likewise, a more purposeful act could be to store known illegal information in the blockchain. In these cases, it’s likely that the entire chain would be considered corrupted, and the servers that store the chain could even be confiscated. And, because there are multiple nodes where this information is stored, it could lead to legal issues for all those participating in that chain.

That said, jumping on the blockchain bandwagon is tempting; enthusiasts may try to force blockchain technology into solving problems for which it may not be well- suited. Enterprises should carefully consider their short- and long-term business requirements and choose the solution that best meets their needs.